[ntpwg] WG: Minutes from NTP WG Interim meeting Fri Oct 14, 2016

dieter.sibold@ptb.de Tue, 08 November 2016 18:54 UTC


I just discovered that this mail was not delivered to the NTP mailing 
list. So, this is my second try.
Sorry



https://www.ietf.org/proceedings/interim-2016-ntp-05/minutes/minutes-interim-2016-ntp-05-201610141000-02


NTP WG Interim Meeting - Boston
Friday October 14, 10:00 am - 5:00 pm

Chairs: Karen O'Donoghue and Dieter Sibold

Agenda
======

1.  Overview/summary of updates from the core security documents
    (explanation of the documents):
    draft-ietf-ntp-network-time-security
    draft-ietf-ntp-using-nts-for-ntp
    draft-dfranke-nts
        (no discussion planned, but included here for completeness as part
         of the suite of security documents thus far)
    draft-ietf-ntp-cms-for-nts-message

    Dieter presented a preliminary merged document of the two drafts
    draft-ietf-ntp-using-nts-for-ntp and draft-dfranke-nts (for more
    details refer to the session's materials section).

    Decisions:

    1)      What key exchange (KE) protocol to use?

    1.a)    Do we want to allow optional key exchange mechanisms
            (alternative KE protocols)?
            Decision: NO.

    1.b)    KE for the client/server mode (mode 3/mode 4):
            Decisions:
                - TLS out of band to establish keys. Then the transmission
                  of timing information is done with the custom protocol
                  from Daniel's draft over UDP/123.
                - Smuggling the DTLS KE over NTP extension fields is
                  tabled for now.

    1.c)    KE and transport for symmetric peering mode (mode 1/mode 2):
            Decision:
                TLS (alternatively DTLS) on a port other than UDP/123 to
                establish keys; timing information is then carried over
                the TLS record layer.

    1.d)    KE and transport for control mode (mode 6):
            Decision:
                DTLS on a port other than UDP/123 to establish keys;
                timing information is then carried over the DTLS record
                layer.

    1.e)    Open questions for modes 1, 2 and 6:
                * What port to run the handshake on? 123 or another port?
                * What port to run the timing exchange on? 123 or another
                  port?

    2)      Privacy considerations
                - Need to write down the objective in the draft, which
                  seems to be:
                    -   Prevent linkability of the client even if the
                        client does not know that its IP address has
                        changed from IPa to IPb. We do not want a
                        *passive* monitor to use information in the
                        NTP/NTS packet to link IPa and IPb.
                    -   Some justification in the draft for the use case
                        in which the client does not know that its IP
                        address has changed.

                - Daniel to provide some performance numbers to give us an
                  idea of the performance of his protocol as currently
                  written in the draft, and also with encryption of the
                  NTP header added.

                - Decision: Fix legacy client linkability issues in the
                  NTP header, because if we don't fix them, all the
                  mechanisms used to prevent linkability in NTS have
                  little point. Roughly, the idea is to zero out all
                  identifying fields in the client query that are not
                  used by the server. Aanchal and Daniel to draft this.
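As an added illustration of the "zero out all identifying fields" idea (example code, not from the minutes or from any WG draft): it packs a mode 3 request in the RFC 5905 header layout with every field the server does not read set to zero and a random transmit timestamp, and lists the non-zero fields in a constructed legacy-style request. Which fields count as identifying, and the use of a random transmit timestamp, are this example's assumptions.

```python
import os
import struct

# RFC 5905 header: LI/VN/Mode, stratum, poll, precision, then eleven 32-bit
# words (root delay, root dispersion, reference ID, four 64-bit timestamps).
NTP_HEADER = struct.Struct("!BBbb11I")
FIELD_NAMES = ("li_vn_mode", "stratum", "poll", "precision", "root_delay",
               "root_dispersion", "reference_id", "ref_ts_hi", "ref_ts_lo",
               "orig_ts_hi", "orig_ts_lo", "recv_ts_hi", "recv_ts_lo",
               "xmt_ts_hi", "xmt_ts_lo")
# Assumption of this example: a server answering a mode 3 request reads only
# the first byte and the transmit timestamp; everything else merely
# describes (and so identifies) the client.
IDENTIFYING_FIELDS = FIELD_NAMES[1:13]


def parse_header(pkt):
    """Decode the 48-byte NTP header into a name -> value dict."""
    if len(pkt) < NTP_HEADER.size:
        raise ValueError("packet shorter than the 48-byte NTP header")
    return dict(zip(FIELD_NAMES, NTP_HEADER.unpack_from(pkt)))


def leaked_fields(pkt):
    """Names of identifying fields that a client request leaves non-zero."""
    hdr = parse_header(pkt)
    if hdr["li_vn_mode"] & 0x07 != 3:
        raise ValueError("not a mode 3 (client) request")
    return [name for name in IDENTIFYING_FIELDS if hdr[name] != 0]


def build_minimised_request(transmit_ts=None):
    """Mode 3 request carrying only LI/VN/Mode and a transmit timestamp.

    The transmit timestamp is random rather than the client's clock reading:
    the server only echoes it into the origin field of the reply, so it works
    as a nonce and exposes nothing that could link IPa and IPb."""
    if transmit_ts is None:
        transmit_ts = int.from_bytes(os.urandom(8), "big")
    li_vn_mode = (0 << 6) | (4 << 3) | 3          # LI 0, NTPv4, mode 3
    words = [0] * 11                              # all identifying words zero
    words[9], words[10] = transmit_ts >> 32, transmit_ts & 0xFFFFFFFF
    return NTP_HEADER.pack(li_vn_mode, 0, 0, 0, *words)


# Constructed sample of a legacy-style request that fills in its own stratum,
# poll, precision, reference ID (192.0.2.1) and clock readings.
LEGACY_REQUEST = NTP_HEADER.pack(
    0x23, 2, 6, -23, 0x00000CF1, 0x000011AB, 0xC0000201,
    0xDBF4B0A5, 0x12345678, 0xDBF4B0A5, 0, 0xDBF4B0A5, 0,
    0xDBF4B0F2, 0x9ABCDEF0)
```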



2.  Way forward for the various NTS documents (see above)
    - Clarify how Daniel and Kristof can work on the merged document
    - Daniel will provide an update to the merged document according to
      the decisions mentioned above


3.  draft-aanchal4-ntp-mac
    Aanchal presented an update of draft-aanchal4-ntp-mac. The new
    version of the draft recommends the use of CMAC because of a "nonce
    reuse vulnerability" of GMAC (for more details refer to the session's
    materials section).

4.  BCP draft-ietf-ntp-bcp
    Denis gave an update of the BCP. It is supposed to be ready for WGLC 
...

5.  Way forward for drafts related to extension fields and refid

    - draft-stenn-ntp-ipv6-refid-hash
    - draft-stenn-ntp-leap-smear-refid
    - draft-stenn-ntp-not-you-refid
    These three drafts shall be combined and resubmitted as
    draft-ietf-ntp-refid-updates as possible (Sharon and Harlan)


    - draft-mayer-ntp-mac-extension-field
    This draft should go forward

    - draft-stenn-ntp-last-extension
    - draft-stenn-ntp-i-do
    Processing of these documents has been postponed

Jabber archive: https://www.ietf.org/jabber/logs/ntp/2016-10-14.html


